14-Alexandrite

Solved

How to limit access to TWX Composer

Forum|Forum|5 years ago
November 9, 2020
3 replies
2696 views

Hi there!

I created a custom READ only role (by following documentation) and I could remove Composer tile from composer. But if the User enters the http://<domain>/Thingworx/Composer/ URL in the browser they get, although limited, still access to the ThingWorx Composer. I'd like to change the behavior by changing the response (to not responding at all, responding 404, or redirecting) so that the user can't see the Composer at all. How would you do that?

Any hints on the matter would be much appreciated.

Regards,

Nahuel

Best Practices

Best answer by mnarang

The issue here is: if a non admin user wants to see a mashup and you want to restrict the same user to open the composer. Ideally you will remove the user from ComposerUserGroup then this user will not be able to open the composer but when this user will try to open the desired mashup it will through 401 not authorized to read. Now if you go to composer and give that mashup and other related component desired permission, user will be able to see this mashup. The same is happening with manufacturing apps landing page (considering it is also a mashup). So it does not matter if your apps user is in Maintenance engineer group or not but if that user is not able to open the composer then you need to give all the required permission to open the desired apps landing page.

Hope it helps

Thanks
Mukul Narang

M

mnarang

5-Regular Member

I believe from Thingworx 8.4 and later there is already a system object in User Group called ComposerUser. You can restrict any user from completely accessing composer by removing that user from ComposerUser user group.

Thanks,

Mukul Narang

N

nahuel

Author

14-Alexandrite

Hi @mnarang

Thanks for your answer. I found the ComposerUsers user group which has Users user group (ie, all users) as a member. I did the following:

1)I removed Users user group from ComposerUsers user group.

2)I duplicated Users user group (ex, CustomComposerUsers).

3)I removed the user that do not need access to Composer from CustomComposerUsers user group.

4)I added CustomComposerUsers user group as a member of ComposerUsers user group.

But when I tried to log in into ThingWorx Apps I got the following message:

Screenshot from 2020-11-26 16-14-44.png

and If I add back the removed user in step 3) into CustomComposerUsers user group the message does not show up again.

M

mnarang

Answer

5-Regular Member

The issue here is: if a non admin user wants to see a mashup and you want to restrict the same user to open the composer. Ideally you will remove the user from ComposerUserGroup then this user will not be able to open the composer but when this user will try to open the desired mashup it will through 401 not authorized to read. Now if you go to composer and give that mashup and other related component desired permission, user will be able to see this mashup. The same is happening with manufacturing apps landing page (considering it is also a mashup). So it does not matter if your apps user is in Maintenance engineer group or not but if that user is not able to open the composer then you need to give all the required permission to open the desired apps landing page.

Hope it helps

Thanks
Mukul Narang

A

anarwal

5-Regular Member

Hi @nahuel , If @mnarang response has answered your question, please mark as Accepted Solution, for the benefit of others who may have the same question.

S

slangley

Support

Hi @nahuel.

I have marked the solution for this post. If you disagree that it is the solution, please let me know.

Regards.

--Sharon

Sign up

Please use your PTC eSupport account.

Welcome to the PTC Community

Please use your PTC eSupport account.

Scanning file for viruses.

This file cannot be downloaded